TY - GEN
T1 - Pitfalls in the automated strengthening of passwords
AU - Schmidt, David
AU - Jaeger, Trent
N1 - Copyright:
Copyright 2014 Elsevier B.V., All rights reserved.
PY - 2013
Y1 - 2013
N2 - Passwords are the most common form of authentication for computer systems, and with good reason: they are simple, intuitive and require no extra device for their use. Unfortunately, users often choose weak passwords that are easy to guess. Various methods of helping users select strong passwords have been deployed, often in the form of requirements for the minimum length and number of character classes to use. Alternatively, a site could modify a user's password in order to make it more secure; strengthening algorithms have been proposed that extend/modify a user-supplied password until achieving sufficient strength. Researchers have suggested that it may be possible to balance password strength with memorability by limiting automated changes to one or two characters while evaluating the generated passwords' strength against known cracking algorithms. This paper shows that passwords that were strengthened against the best known cracking algorithms are still susceptible to attack, provided the adversary knows the strengthening algorithm. We propose two attacks: (1) by strengthening the data sets with the known algorithm, which increases the percentage of recovered passwords by a factor of 2-5, and (2) by a brute-force attack on the initial passwords and space of possible changes, recovering all passwords produced when a sufficiently weak initial password was suggested. As a result, we find that the proposed strengthening algorithms do not yet satisfy Kerckhoffs's principle.
AB - Passwords are the most common form of authentication for computer systems, and with good reason: they are simple, intuitive and require no extra device for their use. Unfortunately, users often choose weak passwords that are easy to guess. Various methods of helping users select strong passwords have been deployed, often in the form of requirements for the minimum length and number of character classes to use. Alternatively, a site could modify a user's password in order to make it more secure; strengthening algorithms have been proposed that extend/modify a user-supplied password until achieving sufficient strength. Researchers have suggested that it may be possible to balance password strength with memorability by limiting automated changes to one or two characters while evaluating the generated passwords' strength against known cracking algorithms. This paper shows that passwords that were strengthened against the best known cracking algorithms are still susceptible to attack, provided the adversary knows the strengthening algorithm. We propose two attacks: (1) by strengthening the data sets with the known algorithm, which increases the percentage of recovered passwords by a factor of 2-5, and (2) by a brute-force attack on the initial passwords and space of possible changes, recovering all passwords produced when a sufficiently weak initial password was suggested. As a result, we find that the proposed strengthening algorithms do not yet satisfy Kerckhoffs's principle.
UR - http://www.scopus.com/inward/record.url?scp=84893239347&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893239347&partnerID=8YFLogxK
U2 - 10.1145/2523649.2523651
DO - 10.1145/2523649.2523651
M3 - Conference contribution
AN - SCOPUS:84893239347
SN - 9781450320153
T3 - ACM International Conference Proceeding Series
SP - 129
EP - 138
BT - Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013
T2 - 29th Annual Computer Security Applications Conference, ACSAC 2013
Y2 - 9 December 2013 through 13 December 2013
ER -